Which VPN Providers Really Take Anonymity Seriously in 2020?

Picking the best VPN can be a tricky endeavor. There are hundreds of VPN services out there, all promising to keep you private. Some are more anonymous than others, however. To help you pick the best one for your needs, we asked dozens of VPNs what their logging policies are, how they handle torrent users, and what else they do to keep you anonymous.

The VPN industry is booming and prospective users have hundreds of options to pick from. All claim to be the best, but some are more anonymous than others.

The VPN review business is also flourishing. Just do a random search for “best VPN service” or “VPN review” and you’ll see dozens of sites filled with recommendations and preferred picks.

We don’t want to make any recommendations. When it comes to privacy and anonymity, an outsider can’t offer any guarantees. Vulnerabilities are always lurking around the corner and even with the most secure VPN, you still have to trust the VPN company with your data.

Instead, we aim to provide an unranked overview of VPN providers, asking them questions we believe are important. Many of these questions relate to anonymity and security, and the various companies answer them in their own words.

We hope that this helps users to make an informed choice. However, we stress that users themselves should always make sure that their VPN setup is secure, working correctly, and not leaking.

This year’s questions and answers are listed below. We have included all VPNs we contacted that don’t keep extensive logs or block torrent traffic on all of their servers.

The order of the providers is arbitrary and doesn’t carry any value. A few links in this article are affiliate links. This won’t cost you a penny more but it helps us to keep the lights on.

—

1. Do you keep (or share with third parties) ANY data that would allow you to match an IP-address and a timestamp to a current or former user of your service? If so, exactly what information do you hold/share and for how long?

2. What is the name under which your company is incorporated (+ parent companies, if applicable) and under which jurisdiction does your company operate?

3. What tools are used to monitor and mitigate abuse of your service, including limits on concurrent connections if these are enforced?

4. Do you use any external email providers (e.g. Google Apps), analytics, or support tools ( e.g Live support, Zendesk) that hold information provided by users?

5. In the event you receive a DMCA takedown notice or a non-US equivalent, how are these handled?

6. What steps would be taken in the event a court orders your company to identify an active or former user of your service? How would your company respond to a court order that requires you to log activity for a user going forward? Have these scenarios ever played out in the past?

7. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why? Do you provide port forwarding services? Are any ports blocked?

8. Which payment systems/providers do you use? Do you take any measures to ensure that payment details can’t be linked to account usage or IP-assignments?

9. What is the most secure VPN connection and encryption algorithm you would recommend to your users?

10. Do you provide tools such as “kill switches” if a connection drops and DNS/IPv6 leak protection? Do you support Dual Stack IPv4/IPv6 functionality?

11. Are any of your VPN servers hosted by third parties? If so, what measures do you take to prevent those partners from snooping on any inbound and/or outbound traffic? Do you use your own DNS servers?

12. In which countries are your servers physically located? Do you offer virtual locations?

Tip: Here’s a list of all VPN providers covered here, with direct links to the answers.

1. We do not store any logs relating to traffic, session, DNS or metadata. There are no logs kept for any person or entity to match an IP address and a timestamp to a current or former user of our service. In summary, we do not log, period. Privacy is our policy.

2. Private Internet Access, Inc. is an Indiana corporation, under the parent company Kape Technologies PLC, a company listed on the London Stock Exchange.

3. We have an active, proprietary system in place to help mitigate abuse including attempts to bypass our simultaneous connection limit.

4. At the moment we are using Google Apps Suite and Google Analytics on our website only with interest and demographics tracking disabled and anonymized IP addresses enabled. We utilize DeskPro for our support team.

5. Primarily, we stress that our service is not intended to be used for illegal activities and copyright infringements and we request our users to comply with this when accepting our Terms of Use. That said, we have an active, proprietary system in place to help mitigate abuse that preserves the privacy of our customers while following the letter of the law.

6. Every subpoena is scrutinized to the highest extent for compliance with both the “spirit” and “letter of the law.” While we have not received any valid court orders to identify an active or former user of service, we do periodically receive subpoenas from law enforcement agencies that we scrutinize for compliance and respond accordingly. If forced to provide logs by a court of law, Private Internet Access has verified in court multiple times that we keep no logs. Our company would fight a court order that requires us to do any sort of logging.

7. BitTorrent and file-sharing traffic are not discriminated against or throttled. We do not censor our traffic, period. We do provide port forwarding services on some of our VPN servers, check here for the full list of PIA VPN servers that support port forwarding.

8. We utilize a variety of payment systems, including, but not limited to: PayPal, Credit Card (with Stripe), Amazon, Google, Bitcoin, Bitcoin Cash, Zcash, CashU, OKPay, PaymentWall, and even support payment using major store-bought gift cards. Payment details are only linked to accounts for billing purposes. IP assignments and other user activity on our VPN servers aren’t linkable to specific accounts or payment details because of our strict and demonstrated no-log policy.

9. At the moment, the most secure and practical VPN connection and encryption algorithm that we recommend to our users would be our cipher suite of AES-256 + RSA4096 + SHA256 over OpenVPN.

10. Our users gain access to a plethora of additional tools, including but not limited to a Kill Switch, IPv6 Leak Protection, DNS Leak Protection, Shared IP System, and MACE, which protect users from malware, trackers, and ads.

11. We utilize our own bare metal servers in third-party data centers that are operated by trusted business partners with whom we have completed serious due diligence. When countries or data centers fail to meet our high privacy standards, we remove our VPN server presence as has previously happened in Brazil, South Korea, Germany, and Russia.

12. We currently operate 3,395 servers across 64 locations in 44 countries. For more information on what countries are available, please visit our PIA network page. All of our locations are physical and not virtualized.

2. Express VPN International Ltd is a British Virgin Islands (BVI) company.

3. We reserve the right to block specific abusive traffic to protect the server network and other ExpressVPN customers. With regards to limits on the number of devices, our systems are merely able to identify how many active sessions a given license has at a given moment in time and use that counter to decide whether a license is allowed to create one additional session. This counter is temporary and is not tracked over time.

4. We use Zendesk for support tickets and SnapEngage for live chat support; we have assessed the security profiles of both and consider them to be secure platforms. We use Google Analytics and cookies to collect marketing metrics for our website and several external tools for collecting crash reports (only if a user opts into sharing these reports). ExpressVPN is committed to protecting the privacy of our users, and our practices are discussed in detail in our comprehensive Privacy Policy.

5. As we do not keep any data or logs that could link specific activity to a given user, ExpressVPN does not identify or report users as a result of DMCA notices. User privacy and anonymity are always preserved.

6. Legally our company is only bound to respect subpoenas and court orders when they originate from the British Virgin Islands government or in conjunction with BVI authorities via a mutual legal assistance treaty. As a general rule, we reply to law enforcement inquiries by informing the investigator that we do not possess any data that could link activity or IP addresses to a specific user. Regarding a demand that we log activity going forward: Were anyone ever to make such a request, we would refuse to re-engineer our systems in a way that infringes on the privacy protections that our customers trust us to uphold.

Not storing any sensitive information also protects user privacy and security in the event of law enforcement gaining physical access to servers. This was proven in a high-profile case in Turkey in which law enforcement seized a VPN server leased by ExpressVPN but could not find any server logs that would enable investigators to link activity to a user or even determine which users, or whether a specific user, were connected at a given time.

7. We do not believe in restricting or censoring any type of traffic. ExpressVPN allows all traffic, including BitTorrent and other file-sharing traffic (without rerouting), from all of our VPN servers. At the moment, we do not support port forwarding.

8. ExpressVPN accepts all major credit cards, PayPal, and a large number of local payment options. We also accept Bitcoin, which we recommend for those who seek maximum privacy in relation to their form of payment. As we do not log user activity, IP addresses, or timestamps, there is no way for ExpressVPN or any external party to link payment details entered on our website with a user’s VPN activities.

10. Yes, our Network Lock feature, which is turned on by default, prevents all types of traffic including IPv4, IPv6, and DNS from leaking outside of the VPN. We do not yet support IPv6 routing through the VPN tunnel. ExpressVPN also protects users from data leaks in a number of ways.

11. Our VPN servers are hosted in trusted data centers with strong security practices, where the data center employees do not have server credentials. The efforts we take to secure our VPN server infrastructure are extensive and have been audited. For example, with our proprietary TrustedServer technology, we reinstall the entire VPN server software stack from scratch with every reboot, ensuring we have complete confidence in what software is running on each of our servers and that no unauthorized software or backdoors can persist on these servers. More details are available here. We run our own logless DNS on every server, meaning no personally identifiable data is ever stored. We do not use third-party DNS. ExpressVPN shared some extra details with us here.

12. ExpressVPN has over 3,000 servers in 94 countries. For more than 97% of these servers, the physical server and the associated IP addresses are located in the same country. For countries where it is difficult to find servers that meet ExpressVPN’s rigorous standards, we use virtual locations. The specific countries are published on our website here.

1. We do not keep connection logs nor timestamps that could allow us to match customers with their activity.

2. Tefincom S.A., operating under the jurisdiction of Panama.

3. We are only able to see the server load. We also use an automated tool that limits the maximum number of concurrent connections to six per customer. Apart from that, we do not use any other tools.

4. NordVPN uses third-party data processors for emailing services and to collect basic website and app analytics. We use Iterable for correspondence, Zendesk to provide customer support, Google Analytics to monitor website and app data, as well as Crashlytics, Firebase Analytics and Appsflyer to monitor application data. All third-party services we use are bound by a contract with us to never use the information of our users for their own purposes and not to disclose the information to any third parties unrelated to the service.

5. NordVPN is a transmission service provider, operating in Panama. DMCA takedown notices are not applicable to us.

6. If the order or subpoena is issued by a Panamanian court, we would have to provide the information if we had any. However, our zero-log policy means that we do not store any information about our users’ online activity – only their email address and basic payment info. So far, we haven’t had any such cases.

7. We do not restrict any BitTorrent or other file-sharing applications on most of our servers. We have optimized a number of our servers specifically for file-sharing. At the moment, we do not offer port forwarding and block outgoing SMTP 25 and NetBIOS ports.

8. Our customers are able to pay via all major credit cards, regionally localized payment solutions and cryptocurrencies. Our payment processing partners collect basic billing information for payment processing and refund requests, but they cannot be connected to an internet activity of a particular customer. Bitcoin is the most anonymous option, as it does not link the payment details to the user identity or other personal information.

9. All our protocols are secure, however, the most advanced encryption is used by NordLynx. NordLynx is based on the WireGuard® protocol and uses ChaCha20 for encryption, Poly1305 for authentication and integrity, and Curve25519 for the Elliptic-curve Diffie–Hellman key agreement protocol.

11. Most of our servers are leased; however, the security of our infrastructure is our top priority. To elevate our standards to a higher level, we have partnered with VerSprite, a global leader in cybersecurity consulting and advisory services. Due to our special server configuration, no one is able to collect or retain any data, ensuring compliance with our no-logs policy. We do have our own DNS servers, and all DNS requests travel through a VPN tunnel. Our customers can also manually setup any DNS server they like.

12. We do not offer virtual locations, our servers are located in places we state they are. At the time of writing, we have almost 6000 servers in 59 countries.

1. We do not store or share any such information that allows doing that. The only information we store is that related to the payment process. But it is not shared anywhere outside the payment systems.

2. The registered name of the company is Server Management LLC and we operate under US jurisdiction.

3. A single subscription can be used simultaneously for three connections. Abuses of service usually mean using non-P2P servers for torrents or DMCA notices.

Also, our no-log policy makes it impossible to track who downloaded/uploaded any data from the internet using our VPN. We use IPtables plugin to block P2P traffic on servers where P2P is not explicitly allowed. We block outgoing mail on port 25 to prevent spamming activity.

4. We use the live chat provided by tawk.to and Google Apps for incoming email. For outgoing email, we use our own SMTP server.

5. Since no information is stored on any of our servers there is nothing that we can take down. We reply to the data center or copyright holder that we do not log our user’s traffic and we use shared IP-addresses, which make it impossible to track who downloaded any data from the internet using our VPN.

6. HideIPVPN may disclose information, including but not limited to, information concerning a client, to comply with a court order, subpoena, summons, discovery request, warrant, statute, regulation, or governmental request. But because we have a no-logs policy and we use shared IPs there won’t be anything to disclose, excepting billing details. This has never happened before.

7. This type of traffic is welcomed on our German (DE VPN), Dutch (NL VPN), Luxembourg (LU VPN) and Lithuanian (LT VPN) servers. It is not allowed on US, UK, Canada, Poland, Singapore, and French servers as stated in our TOS. The reason for this is our agreements with data centers. We do not allow port forwarding and we block ports 22 and 25 for security reasons.

9. SoftEther VPN protocol looks very promising and secure. Users can currently use our VPN applications on Windows and OSX systems. Both versions have a “kill switch” feature in case the connection drops. Our apps can re-establish a VPN connection and once active restart closed applications. Also, the app has the option to enable DNS leak protection.

10. Yes, our free VPN apps have both features built-in. It is worth mentioning that our free VPN apps for Windows and macOS – there is a brand new version of them – have even more cool and unique features. We were one of the first – if not THE FIRST – to introduce as you call it a “kill switch” in our apps. Now, we give users the ability to easily choose the best, “fastest” VPN server available for them in their location – a “Sort by speed” option.

11. We don’t have physical control of our VPN servers. Servers are outsourced in premium data-centers with high-quality Tier 1 networks. Our servers are self-managed and access is restricted to our personnel only.

1. No. We believe that not logging VPN connection related data is fundamental to any privacy service regardless of the security or policies implemented to protect the log data. Specifically, we don’t log: traffic, DNS requests, connection timestamps and durations, bandwith, IP address or any account activity except simultaneous connections.

2. Privatus Limited, Gibraltar. No parent or holding companies.

3. We limit simultaneous connections by maintaining a temporary counter on a central server that is deleted when the user disconnects (we detail this process in our Privacy Policy).

4. No. We made a strategic decision from day one that no company or customer data would ever be stored on third-party systems. All our internal services run on our own dedicated servers that we setup, configure and manage. No third parties have access to our servers or data. We don’t host any external scripts, web trackers or tracking pixels on our website. We also refuse to engage in advertising on platforms with surveillance-based business models, like Google or Facebook.

5. Our legal department sends a reply stating that we do not store content on our servers and that our VPN servers act only as a conduit for data. In addition, we inform them that we never store the IP addresses of customers connected to our network nor are we legally required to do so. We have a detailed Legal Process Guideline published on our website.

6. Firstly, this has never happened. However, if asked to identify a customer based on a timestamp and/or IP address then we would reply factually that we do not store this information. If legally compelled to log activity going forward we would do everything in our power to alert the relevant customers directly (or indirectly through our warrant canary).

7. We do not block any traffic or ports on any servers. We provide a port forwarding service.

8. We accept Bitcoin, Cash, PayPal, and credit cards. When using cash there is no link to a user account within our system. When using Bitcoin, the transaction is processed through our self-hosted BitPay server. We store the Bitcoin transaction ID in our system.
If you wish to remain anonymous to IVPN you should take the necessary precautions when purchasing Bitcoin. When paying with PayPal or a credit card a token is stored that is used to process recurring payments but this is not linked in any way to VPN account usage or IP-assignments.

9. We offer and recommend WireGuard, a high-performance protocol that utilizes state-of-the-art cryptography. Since its merge into Linux Kernel (v5.6) and the release of 1.0 version of the protocol, we consider it to be ready for wide-scale use. Alternatively, we also offer OpenVPN with RSA-4096 / AES-256-GCM, which we also believe is more than secure enough for the purposes for which we provide our service.

10. Yes, the IVPN client offers an advanced VPN firewall that blocks every type of IP leak possible including IPv6, DNS, network failures, WebRTC STUN etc. Our VPN clients work on a dual-stack IPv4/IPv6 but we currently only support IPv4 on our VPN gateways.

11. We use bare metal dedicated servers leased from third-party data centers in each country where we have a presence. We install each server using our own custom images and employ full disk encryption to ensure that if a server is ever seized the data is worthless.
We also operate an exclusive multi-hop network allowing customers to choose an entry and exit server in different jurisdictions which would make the task of legally gaining access to servers at the same time significantly more difficult. We operate our own network of log-free DNS servers that are only accessible to our customers through the VPN tunnel.

12. We have servers in 32 countries. No virtual locations. Full list of servers is available here.

1. No, we do not record or store any logs related to our services. No traffic, user activity, timestamps, IP addresses, number of active and total sessions, DNS requests, or any other kind of logs are stored.

2. The registered company name is Netbouncer AB and we operate under Swedish jurisdiction where there are no data retention laws that apply to VPN providers.

3. We took extra security steps to harden our servers. They are running using Blind Operator mode, a software module that ensures that it is extremely difficult to set up any kind of traffic monitoring. Abuses like incoming DDoS attacks are usually mitigated with UDP filtering on the source port used by an attacker.

4. No, we do not rely on and refuse to use external third-party systems. We run our own email infrastructure and encourage people to use PGP encryption for reaching us. The ticketing support system, website analytics (Piwik, with anonymization settings) and other tools are hosted in-house on open-source software.

5. We politely inform the sender that we do not keep any logs and are unable to identify a user.

6. In the case that a valid court order is issued, we will inform the other party that we are unable to identify an active or former user of our service due to our particular infrastructure. In that case, they would probably force us to handover physical access to the server, which they would have to reboot to disable the Blind Operator mode and to be able to gain any kind of access. Since we are running our custom system images directly into RAM, all data would be lost.

So far, we have never received any court order and no personal information has ever been given out.

7. Yes, BitTorrent, peer-to-peer and file-sharing traffic is allowed and treated equally to any other traffic on all of our servers. We do not provide port forwarding services yet, however, we do provide a public IPv4+IPv6 addresses mode on OpenVPN which assigns IP addresses being used by only one user at a time for the whole duration of the connection to the server. In this mode, all ports are opened, with the exception of unencrypted outgoing port 25 TCP, usually used by the SMTP protocol, which is blocked to prevent abuse by spammers.

8. As of now, we offer a variety of payment options including anonymous methods such as Bitcoin, Litecoin, Monero and some other cryptocurrencies, and cash money via postal mail. We also offer PayPal (with or without recurring payments), credit cards (VISA, MasterCard and American Express through Paymentwall) and Swish. We do not store sensitive payment information on our servers, we only retain an internal reference code for order confirmation, and the customer connected to the transaction information is removed after 6 months.

9. We recommend our users to use our WireGuard servers, using official clients available on Windows, Linux, macOS and OpenWrt (routers). We propose an easy-to-use WireGuard-based client on Android and iOS.

10. We offer a custom open-source VPN application called azclient for all major desktop platforms (Windows, macOS and Linux) which currently supports OpenVPN. Its source code is released on Github under the GPLv2 license. We are currently revamping this client to a WireGuard-based one and are planning to add a kill switch and DNS leak protection features to it in the future.

As we provide our users with a full dual-stack IPv4+IPv6 functionality on all servers and VPN protocols, we do not need to provide any IPv6 leak protection. Our tunnels are natively supporting IPv6 even from IPv4 only Internet lines, by tunneling IPv6 traffic into IPv4 transparently. Also, our WireGuard servers can be reached through both IPv4 and IPv6.

11. We physically own all our servers in all locations, co-located in closed racks in different data centers around the world meeting our strict security criteria, using dedicated network links and carefully chosen network upstream providers for maximum privacy and network quality. We host our own non-logging DNS servers in different locations.

12. As of now, we operate across 11 locations on 3 continents. New locations in France, Germany, Romania, Spain and Switzerland are planned soon. There are no virtual locations.

6. Under Canadian law, a VPN company cannot be compelled to wiretap users. We can be legally compelled to provide the data that we already have (as per our ToS) and we would have to comply with a valid Canadian court order. Since we do not store any identifying info that can link an IP to an account, the fact that emails are optional to register, and the service can be paid for with cryptocurrency, none of what we store is identifying.

7. We allow P2P traffic in most locations. Yes, we provide port forwarding for all Pro users. Only ports above 1024 are allowed.

8. Stripe, Paypal, Coinpayments, Paymentwall. IP addresses of users are not stored or linked to payments.

9. The encryption parameters are similar for all protocols we support. AES-256 cipher with SHA512 auth and a 4096-bit RSA key. We recommend using IKEv2, as it’s a kernel space protocol that is faster than OpenVPN in most cases.

10. Our desktop apps have a built-in firewall that blocks all connectivity outside of the tunnel. In an event of a connection drop, it fails closed – nothing needs to be done. The firewall protects against all leaks, IPv4, IPv6 and DNS. We only support IPv4 connectivity at this time.

11. We lease servers in over 150 different datacenters worldwide. Some datacenters deploy networking monitoring for the purposes of DDOS protection. We request to disable it whenever possible, but this is not feasible in all places. Even with it in place, since most servers have dozens/hundreds of users connected to them at any given moment, your activity gets “lost in the crowd”. Each VPN server operates a recursive DNS server and performs all DNS resolution locally.

1. We do not keep or record any logs. We are therefore not able to match an IP-address and a time stamp to a user of our service.

2. The registered name of our company is “Offshore Security EOOD” (spelled “ОФШОР СЕКЮРИТИ ЕООД” in Bulgarian). We’re a VAT registered business. We operate under the jurisdiction of Bulgaria.

3. To prevent email spam abuse we block mail ports used for such activity, but we preemptively whitelist known and legit email servers so that genuine mail users can still receive and send their emails.

To limit concurrent connections to 6, we use an in-house developed system that adds and subtracts +1 or -1 towards the user’s “global-live-connections-count” in a database of ours which the authentication API corresponds with anonymously each time the user disconnects or connects to a server. The process does not record any data about which servers the subtracting/detracting is coming from or any other data at any time, logging is completely disabled at the API.

4. We host our own email servers. We host our own Ticket Support system on our servers. The only external tools we use are Google Analytics for our website and Live Chat software.

5. DMCA notices are not forwarded to our users as we’re unable to identify a responsible user due to not having any logs or data that can help us associate an individual with an account. We would reply to the DMCA notices explaining that we do not host or hold any copyrighted content ourselves and we’re not able to identify or penalize a user of our service.

6. This has not happened yet. Should it happen our attorney will examine the validity of the court order in accordance with our jurisdiction, we will then inform the appropriate party that we’re not able to match a user to an IP or timestamp, because we’re not recording any logs.

7. BitTorrent and torrents in general are allowed on all our servers. We offer port forwarding only on the dedicated IP private VPN servers at the moment with the goal to allow it on shared servers too. The only ports which are blocked are those widely related to abuse, such as spam.

8. We accept PayPal, Credit/Debit cards, AliPay, Bitcoin, Bitcoin Cash, Ethereum, WebMoney, GiroPay, and bank transfers. In the case of PayPal/card payments, we link usernames to the transactions so we can process a refund. We do take active steps to make sure payment details can’t be linked to account usage or IP assignments. In the case of Bitcoin, BCH, ETH we do not link usernames to transactions.

9. We use AES-256-CBC + SHA256 cipher and RSA4096 keys on all our OpenVPN servers without exception. We also have Double VPN servers, where for example the traffic goes through Russia and Israel before reaching the final destination. We also have Tor over VPN servers to provide diversity in the anonymous setup a user prefers.

11. We use our own no-logs DNS servers. We work with reliable and established data centers. Nobody but us has virtual access to our servers. The entire logs directories are wiped out and disabled, rendering possible physical brute force access to the servers useless in terms of identifying users.

12. All our servers are physically located in the stated countries. A list of our servers in 60+ countries is available here.

1. No, we do not keep or share with third parties ANY data that would allow us to match an IP address and a timestamp to a current or former user of our service

2. AirVPN in Italy. No parent company/companies.

3. No tools are used.

4. No, we do not use any external email providers, analytics, or support tools that hold information provided by users.

5. They are ignored if they pertain to P2P, they are processed, verified and handled accordingly (rejected or accepted) if they pertain to web sites (or FTP services etc.) hosted behind our VPN servers.

6. a) We would co-operate to the best of our abilities, although we can’t give out information we don’t have. b) We are unable to comply due to technical problems and limitations. c) The scenario in ‘case b’ has never occurred. The scenario in ‘case a’ has occurred multiple times, but our infrastructure does not monitor, inspect or log customers’ traffic, so it is not possible to correlate customer information (if we had it) with customers’ traffic and vice-versa.

7. a) Yes, BitTorrent and other file-sharing traffic is allowed on all servers. AirVPN does not discriminate against any protocol or application and keeps its network as agnostic as possible. b) Yes, we provide remote inbound port forwarding service. c) Outbound port 25 is blocked.

8. We accept payments via PayPal and all major credit cards. We also accept Bitcoin, Ethereum, Litecoin, Bitcoin Cash, Dash, Doge, and Monero. By accepting directly various cryptocurrencies without intermediaries we get rid of privacy issues, including correlations between IP addresses and payments. By accepting directly Monero we also offer the option to our customers to pay via a cryptocurrency which protects transactions with a built-in layer of anonymity.

9. CHACHA20-POLY1305 and AES-256-GCM

10. We provide Network Lock in our free and open-source software. It can prevent traffic leaks (both IPv4 and IPv6 – DNS leaks included) even in case of application or system processes wrong binding, in case of UPnP caused leaks, wrong settings, WebRTC and other STUN related methods, and of course in case of unexpected VPN disconnection. b) Yes, we do provide DS IPv4/IPv6 access, including IPv6 over IPv4, pure IPv4 and pure IPv6 connections. In this way even customers whose ISP does not support IPv6 can access IPv6 services via AirVPN.

11. We do not own our datacenters and we are not a transit provider, so we buy traffic from Tier 1, Tier 2 and only occasionally Tier 3 providers and we house servers in various datacenters. The main countermeasures are: exclusive access to IPMI etc. via our own, external IP addresses or specific VPN for the IPMI etc.; reboot inhibition (requiring remote validation); some other methods we will not reveal. However, if servers lines are wiretapped externally and transparently, and server tampering does not occur, there is no way inside the server to prevent, or be aware of, ongoing wiretapping. Wiretapping prevention must be achieved with other methods on the client-side (some of them are integrated into our software), for example, VPN over Tor, Tor over VPN etc.

12. NO, we do not offer virtual locations and/or VPS. We declare only real locations of real “bare metal” servers.

3. We restrict our services with up to 5 devices per package for VPN connections and to unlimited devices for our SmartDNS service as long as all of them have the same IP address. Abuse of services is regulated by our Linux firewall and most of the datacenters we hire servers from provide additional security measures for server attacks.

4. No

5. We did not receive any official notices yet. We will only respond to a local court order.

6. If we have a valid order from Canadian authorities we have to help them identify the user. Bus as we do not keep any logs we just can’t do that. We did not receive any orders yet.

9. We recommend users to use SoftEther with ECDHE-RSA-AES128-GCM-SHA256 cipher suite.

10. Yes, our apps include Kill Switch and Apps. Killer options in case a VPN connection is dropped. Also, they include DNS Leak protection. We only support IPv4.

11. We use servers from various Data Centers. All the VPN traffic is encrypted so the datacenters cannot see the nature of the traffic, also the access on all servers is secured and no datacenter can see its configuration.

1. Trust.Zone doesn’t store any logs. Therefore, we have no data that could be linked and attributed to the current or former user. All we need from customers is an email to sign up.

2. Trust.Zone is under Seychelles jurisdiction. The company is operated by Internet Privacy Ltd.

3. Our system can understand how many active sessions a given license has at a given moment in time. This counter is temporarily placed in RAM and never logged or saved anywhere.

4. Trust.Zone has never used any third-party tools like Google Analytics, live chat platform, support tools or other.

5. If we receive any type of DMCA requests or Copyright Infringement Notices – we ignore them. Trust.Zone is under offshore jurisdiction, out of 14 Eyes Surveillance Alliance. There is no data retention law in Seychelles.

6. A court order would not be enforceable because we do not log information and therefore there is nothing to be had from our servers. Trust.Zone supports Warrant Canary. Trust.Zone has not received or been subject to any searches, seizures of data, or requirements to log any actions of our customers.

7. BitTorrent and file-sharing traffic is allowed on all Trust.Zone servers. Moreover, we don’t restrict any kind of traffic. Trust.Zone does not throttle or block any protocols, IP addresses, servers or any type of traffic whatsoever.

8. All major credit cards are accepted. PayPal, Alipay, wire transfer, and many other types of payments are available. As we don’t store any logs, there is no way to link payment details with user’s internet activity

9. We use the most recommended protocols in the VPN industry – IKEv2/IPSec, OpenVPN. We also support our own protocol which is faster than OpenVPN and also includes Perfect Forward Secrecy (PFS). Trust.Zone uses AES-256 Encryption by default.

10. Trust.Zone supports a kill-switch function. We also own our DNS servers and provide users with the ability to use our DNS to avoid any DNS leaks. All features listed above are also available with a 30-day Free Plan. Trust.Zone does not support IPv6 to avoid any leaks. We also provide users with additional recommendations to be sure that there are no DNS leaks or IP leaks.

11. We have a mixed infrastructure. Trust.Zone owns some physical servers and we have access to them physically. In locations with lower utilization, we normally host with third-parties. But the most important point is that we use dedicated servers in this case only, with full control by our network administrators. DNS queries go through our own DNS servers.

12. We are operating with 175+ dedicated servers in 93 geo-zones and are still growing. We also provide users with dedicated IP addresses if needed. The full map of the server locations is available here.

1. No, SwitchVPN does not store any logs which would allow anyone to match an IP address and a time stamp to a current or former user of our services.

2. Our company name is “CS SYSTEMS, INC” and it comes under United States jurisdiction.

3. We pro-actively take steps to mitigate abuse of our service/servers by implementing certain firewall rules. Such as blocking default SMTP ports which are likely to be abused by spammers.

4. We use Chatra for providing Live Chat and our web-based ticketing system which is self-hosted. No personal information is collected.

5. SwitchVPN is transitory digital network communications as per 17 U.S.C § 512(a) of the Copyright Act. So in order to protect the privacy of our users we use shared IP addresses, which makes it impossible to pinpoint any specific user. If the copyright holder only provides us with an IP address as identifying information, then it is impossible for us to associate a DMCA notice with any of our users.

6. There have been no court orders since we started our operation in 2010, and as we do not log our users’ sessions and we utilize shared IP addresses, it is not possible to identify any user solely based on timestamps or IP addresses. Currently, there are no mandatory data logging requirements in the United States but in case the situation changes, we will migrate our company to another privacy-friendly jurisdiction.

7. Yes, We have P2P optimized servers that provide dynamic port forwarding. It can be easily filtered in our VPN application.

8. We accept all major payment methods such as Credit Card, PayPal, Bitcoin and other Crypto Currencies. We use shared IPs and every account is assigned an alias username for connecting to the VPN server.

10. Yes, Kill Switch & DNS Leak protection is provided on our Windows and Mac application. Currently we only support IPv4.

11. Before we get into an agreement with any third party, we make sure the company does not have any poor history for privacy and we make sure the company is in-line with our privacy requirements for providing our users with a no-log VPN service. We also use our own DNS servers to anonymize all DNS requests.

12. All of our servers are physically located in the countries we have mentioned, we do not use virtual locations.

1. We DO NOT keep any logs. We do not store logs relating to traffic, session, DNS, or metadata.

2. We’re registered in Sweden under the name “Privat Kommunikation Sverige AB”

3. The nature of our VPN service makes it practically impossible for us to do any sort of monitoring of abuses. We do monitor the realtime state of the total amount of connections per user account as we allow 6 connections simultaneously. This specific information is never stored.

4. We are using LAdesk support tools, included ticket system and Live Chat. They remain on the chat server for the duration of the chat session, then optionally sent by email to a user, and then destroyed.

5. Since we don’t keep any information on any of our servers DMCA is not applicable to our service as it is not a codified law or act under Swedish jurisdiction

6. We don’t retain or log any identifiers at all. So, basically even when ordered to actively investigate a user we are limited to the number of active logins which is just a numerical value. That being said, we have not received a court order to date

7. P2P is allowed on all our servers as a matter of policy. We are not in the business of restricting and throttling things. The whole point of a user connecting to our VPN servers is to get uncensored and unrestricted Internet. We do support port forwarding with one open port to all ports opened.

8. We accept all forms of Credit/Debit card payments through the Stripe payment gateway, PayPal payment method, and Bitcoins. A credit card or a PayPal payment has to be linked to a user account for us to be able to refund a customer due to our 30-day money-back guarantee. More important, a VPN IP can’t be linked to a user account.

9. OpenVPN over UDP with 256-bit security for both data and TLS control channel encryption and Wireguard.

10. Our Windows and macOS VPN app offers a robust Kill switch and DNS leak protection. DNS leaks on any major platform are owing to broken installations which are fixed as soon we see a report or any issues. IPv6 leak protection is available on every platform and multiple VPN protocols. We offer guides and instructions to set up a kill switch on macOS, GNU/Linux, and Android. At this stage, we do not support any Dual Stack IPv4/IPv6 functionality.

11. We have physical control over our servers and network in Sweden, Denmark, Germany, Netherlands, United Kindom – London, Netherlands, France Italy, Spain, Switzerland, USA – NYC – LA, and Canada – Toronto as those locations and networks are 100% managed and owned by PrivateVPN. With all other locations, we use a variation of different hosting providers such as M247. All inbound and outbound traffic is encrypted and can’t be inspected. Yes, each VPN server has its own DNS server which is pushed to the VPN client.

12. We use a mix of physical and virtual servers depending on the demand and needs of a given location. Virtual servers are categorized in our server list on our website to avoid confusion and maintain transparency.

3. As mentioned above we do not log. We have no way to log bandwidth. All limiting is done by active sessions to prevent one person from sharing an account with hundreds of people. We use a custom session management system that operates completely on real-time data and keeps no logs.

4. We run our own communications infrastructure. No analytics are used currently.

5. We send out the below response as we have no logs. “Thanks for the note today. Just for clarification to you (‘InsertDatacenterNameHere’) and you only (this message is not for distribution); the operator(s) of the named network(s) within the notification provide no validation of any claim(s) made on behalf of an ‘abuse’ complainant. The operator(s) of this network, hosts, and network devices have no knowledge of any activities named in the complaint and operate in the absence of logs, records, or other commonly used identifying materials. We appreciate you (‘InsertDatacenterNameHere’) bringing such items to our attention, and if we are able to assist in any way in the future, please let us know. Thanks. This ticket may be closed upon receipt and review.”

6. We have only had one of these requests for a VPS client. We responded by replying to the requester letting them know we were looking into it, and we notified the customer via his email on file. Then we contacted the EFF and they put us in touch with a lawyer who helped us get the case dropped, because we did not have the information requested. If we do have another request in the future we will take several steps. First, we would consult with our lawyers to confirm the validity of the order/subpoena, and respond accordingly if it is NOT a valid order/subpoena. Then we would alert our user of the event if we are legally able to.

If the order/subpoena is valid, we would see if we have the ability to provide the information requested, and respond accordingly we do NOT have the information requested. If we DO have the information requested,
we would immediately reconfigure our systems to stop keeping that information. Then we would consult with our lawyer to determine if there is anyway we can fight the order/subpoena and/or what is the minimum
level of compliance we must meet, as well as, notify the user of the event if we are legally able to do so. If we were forced to start keeping logs on our users, we would go out of business and start a new company in a different jurisdiction.

7. We allow file sharing on our network. We do ask people to use the EU nodes for file-sharing. We have no way to enforce that, but it helps to prevent the USA-based nodes from complaints and shutdown from overzealous copyright trolls. We do offer port forwarding plans with our Perfect Dark Plans. We do not block any ports or monitor.

8. We accept PayPal and Cryptocurrency. All that is required is a working email for signup. Signups via Tor or proxies are highly encouraged along with placeholder information if paying in cryptocurrency. We also use a completely different authentication infrastructure and random usernames for the VPN accounts.

9. We recommend OpenVPN and Our VPN has Perfect Forward Secrecy setup with ECDHE-RSA-AES256-GCM-SHA384 for all our VPN servers which is based on Softether and Ubuntu which allows people to use any protocols their devices supports. This ensures maximum compatibility and the best protection for all.

10. Our VPN profiles are compatible with Qomui (Qt OpenVPN Management UI) and others that have this built into the opensource VPN client. We push custom Adblocking DNS to clients. We also have ‘push “block-outside-dns”’ in our OpenVPN server config files which will prevent the client from leaking DNS requests. Additionally, we include “resolve-retry infinite” and “persist-tun” in the OpenVPN client config files which will prevent the client from sending data in the clear if the VPN connection goes down. We do have dual-stack IPv4/IPv6 support which can be used if IPv6 is enabled on the device.

11. All of our infrastructure is hosted in third-party colocations. However, we use full-disk-encryption on all of our servers. We also use custom DNS servers with adblocking to mitigate tracking from ad networks. We notice this also speeds up mobile devices and removes ads from lots of the apps without paid ad-free versions.

1. We do not keep and we do not share with third parties ANY logs that can identify a user of our service with an IP address and/or a timestamp. We are also GDPR compliant and (in our opinion) keeping this kind of logs is not respecting the Privacy by Design guidelines.

2. The company’s registered name is Amplusnet SRL. We are a Romanian company, which means we are under EU jurisdiction. In Romania, there are no mandatory data retention directives.

3. We limit the number of concurrent connections and we are using Radius for this purpose.

4. The back end of the website is a dedicated WHMCS for billing and support tickets. We do not use external email providers (we host our own mail server). Our users can contact us via live chat (Zendesk). The chat activity logs are deleted on a daily basis. There is no way to associate any information provided via live chat with the users’ accounts.

5. So far we did not receive any DMCA notice for any P2P server from our server list. That is normal considering that the servers are located in DMCA-free zones. For the rest of the servers, P2P and file-sharing activities are not allowed/supported.

6. So far, we have not received any court order. We do not support criminal activities, and in case of a valid court order, we must follow the EU laws under which we operate.

7. We have dedicated P2P servers that allow BitTorrent and other file-sharing applications. The servers are located in Netherlands, Luxembourg, Canada, Sweden, Russia, Hong Kong and Lithuania. We do not reroute P2P connections. We do not provide port forwarding. We are blocking the SMTP ports 25 and 465 to avoid spam from our servers.

8. Payments are performed exclusively by third-party processors, thus no credit card info, PayPal ids, or other identifying info are stored in our database. For those who would like to keep a low profile, we accept BitCoin, LiteCoin, Ethereum, WebMoney, Perfect Money etc.

9. We support SSTP and SoftEther on most of the servers. We also offer double VPN and TOR over VPN.

10. Yes, Kill Switch and DNS leak protection are implemented in our VPN clients. Kill Switch is one of the most-used features. Our users can decide to block all the traffic when the VPN connection drops or to kill a list of applications. We allow customers to disable IPv6 traffic and to make sure that only our DNS servers are used while connected to the VPN. Also, we support SOCKS5 on our P2P servers which can be used for downloading torrents and do not leak any data if the connection to the SOCKS5 proxy drops.

11. We do not have physical control over our VPN servers. We have full remote control to all servers. Admin access to servers is not provided for any third-party.

3. We mitigate abuse by blocking the usage of ports 25, 137,139, and 445 due to email spam and Windows security issues. The number of connections: Each VPN server reports to a central service. When a customer connects to a VPN server, the server asks the central service to validate the account number, whether or not the account has any remaining time, if the account has reached its allowed number of connections, and so on. Everything is performed in temporary memory only; none of this information is permanently stored to disk.

We also monitor the real-time state of total connections per account as we only allow for five connections simultaneously. As we do not save this information, we cannot, for example, tell you how many connections your account had five minutes ago.

4. We have no external elements at all on our website. We do use an external email provider; for those who want to email us, we encourage them to use PGP encryption which is the only effective way to keep email somewhat private. The decrypted content is only available to us.

5. As explained here, there is no such Swedish law that is applicable to us.

6. From time to time, we are contacted by governments asking us to divulge information about our customers. Given than we don’t store activity logs of any kind, we have no information to give out. Worst-case scenario: we would discontinue the servers in the affected countries. The only information AT ALL POSSIBLE for us to give out is records of payments since these are stored at PayPal, banks etc.

7. All traffic is treated equally, therefore we do not block or throttle BitTorrent or other file-sharing protocols. Port forwarding is allowed. Ports 25, 137,139, and 445 are blocked due to email spam and Windows security issues.

8. We accept cash, Bitcoin, Bitcoin Cash, bank wire, credit card, PayPal, and Swish. We encourage anonymous payments via cash or one of the cryptocurrencies. We run our own full node in each of the blockchains and do not use third parties for any step in the payment process, from the generation of QR codes to adding time to accounts. Our website explains how we handle payment information.

9. We offer OpenVPN with RSA-4096 and AES-256-GCM. And we also offer WireGuard which uses Curve25519 and ChaCha20-Poly1305.

10. We offer a kill switch and DNS leak protection, both of which are supported in IPv6 as IPv4. While the kill switch is only available via our client/app, we also provide a SOCKS5 proxy that works as a kill switch and is only accessible through our VPN.

11. At 12 of our locations (4 in Sweden, 1 in Denmark, 1 in Amsterdam, 1 in Norway, 1 in UK, 1 in Finland, 1 in Germany, 1 in Paris, 1 in Zurich) we own and have physical control over all of our servers. In our other locations, we rent physical, dedicated servers (which are not shared with other companies) and bandwidth from carefully selected providers. Keep in mind that we have 5 locations in the UK and 3 in Germany, the servers we physically own are the ones hosted by 31173.se (they start with gb-lon-0* and de-fra-0* , and gb4-wireguard, gb5-wireguard, de4-wireguard and de5-wireguard).

Yes, we use our own DNS servers. All DNS traffic routed via our tunnel is ‘hijacked’, even if you accidentally select another DNS our DNS will anyhow be used. Except if you have setup DNS over HTTPS or DNS over TLS.

1. TorGuard has never kept or retained logs for any user. No timestamps or IP logs are kept on any VPN or authentication server. The only information TorGuard has is statistical network data which helps us to determine the load of a given server.

2. TorGuard is owned by VPNetworks LLC and its parent company Data Protection Services. We operate under US jurisdiction.

3. We use custom modules in a platform called Nagios to monitor VPN/Proxy hardware utilization, uptime and latency. TorGuard does enforce an eight device per user limit in real-time and each session is immediately wiped once the user has logged out. If that user failed to logout or was disconnected accidentally, our system automatically discards these stale sessions within a few minutes.

4. We use Google Apps for email and anonymized Google Analytics data for performance reporting. All support is handled internally and TorGuard does not utilize third-party tools for customer support.

5. If a valid DMCA takedown notice is received it would be handled by our legal team. Due to our no-log policy and shared IP network, we are unable to forward any requests to a single user.

6. If a court order is received, it is first handled by our legal team and examined for validity in our jurisdiction. Should it be deemed valid, our legal representation would be forced to further explain the
nature of our shared IP network configuration and the fact that we do not hold any identifying logs or time stamps.

TorGuard’s network was designed to operate with minimum server resources and is not physically capable of retaining user logs. Due to the nature of shared VPN servers and the large traffic volume flowing through our network, it would not be possible to retain such logs. No, that scenario has never played out.

7. Yes, torrents work on all servers except our residential IP network as these are performance optimized for specific streaming platforms. TorGuard does offer port forwarding for all ports above 2048 and the only port we block outgoing is SMTP port 25 to prevent abuse.

8. We use Stripe for credit or debit card processing and utilize our own BTCPay instance for Bitcoin and Litecoin transactions. TorGuard accepts all cryptocurrency through coinpayments.net and use Paymentwall and PayGarden for Gift Card payments. TorGuard has gone through extreme measures by heavily modifying our billing system to work with various payment providers and to help protect our users’ privacy.

9. For a high level of security, we would recommend using OpenVPN with AES-256-GCM-SHA512 using our stealth VPN protocol as an added measure through the TorGuard desktop or mobile apps.

10. Yes – our kill switch is uniquely designed to send all traffic into a *black hole* if the user loses connectivity or the app crashes for any reason. Dual stack IPv4/IPv6 is currently in development and will be released very soon.

11. We do have servers hosted at third parties but only select a location after extensive due diligence on very specific security criteria. We encrypt all disks and run 80% so far on virtual RAM disks. We do provide secure public DNS but we also provide our internal DNS on every endpoint which queries root VPN servers directly.

12. At this time we have three virtual locations: Taiwan, Greece and Mexico. TorGuard would rather not provide any virtual locations but occasionally if we cannot find a bare-metal data center that meets our security criteria we won’t take the risk.

1. We do not store or log any data that would indicate the identity or the activities of a user.

2. The name of the company is VECTURA DATAMANAGEMENT LIMITED COMPANY and the jurisdiction is Switzerland.

3. The number of connections/devices at the same time is not limited because we do not track it. In case of malicious activity towards specific targets, we block IP addresses or ranges, so they are not accessible from our VPN servers. Additionally, we have limits on new outgoing connections for protocols like SSH, IMAP, and SMTP to prevent automated spam and brute force attacks. We do not use any other tools.

4. Our websites use Google Analytics to improve the quality of the user experience and it’s GDPR compliant with anonymized IP addresses. You can prohibit tracking with just one click on a provided link in the privacy policy. If a customer has a problem with Google, he has the possibility to disable the tracking of all Google domains in TrackStop. I believe we are the only VPN provider who offers this possibility. All other solutions like email, support and even our affiliate program is in-house software and under our control.

5. Because we do not host any data, DMCA notices do not directly affect us. However, we generally answer inquiries. We point out that we do not keep any data that would allow us to identify a user of the used IP address.

6. If we receive a Swiss court order, we are forced to provide the data that we have. Since we don’t log any IP addresses, timestamps or other connection-related data, the only step on our side is to inform the inquiring party that we do not have any data that would allow the identification of a user based on that data. Should we ever receive a legally binding court order that would require us to log the activity of a user going forward, we’d rather shut down the servers in the country concerned than compromise our user’s privacy.

There have been incidents in the past where Perfect Privacy servers have been seized, but no user information was compromised that way. Since no logs are stored in the first place and additionally all our services are running within RAM disks, a server seizure will never compromise our customers. Although we are not subject to US-based laws, there’s a warrant canary page available.

7. With the exception of our US servers and French servers, BitTorrent and other file-sharing software is allowed. We offer port forwarding and do not block any ports.

8. We offer Bitcoin, PayPal and credit cards for users who prefer these options and over 60 other payment methods. Of course, it is guaranteed that payment details are not associated with any IP addresses. The only
thing you know about a person is that he or she is a customer of Perfect Privacy and which email address was used.

9. The most secure protocol we recommend is still OpenVPN with 256-bit AES-GCM encryption. With our VPN Manager for Mac and Windows you also have the possibility to create cascades over four VPN servers. This Multi
Hop feature works tunnel in tunnel. If you choose countries for the hops which are known not to cooperate with each other, well you get the idea. On top of that you can activate our NeuroRouting feature, which changes the routing depending on the destination of the visited domain and dynamically selects different hops for the outgoing server to ensure it is geographically close to the visited server.

10. Yes, our servers support full Dual Stack IPv4/IPv6 functionality, even when your ISP does not support IPv6. Our VPN Manager has a “kill switch” which has configurable protection with three security levels.

11. We run dedicated bare-metal servers in various data centers around the world. While we have no physical access to the servers, they all are running within RAM disks only and are fully encrypted.

12. Currently, we offer servers in 26 countries worldwide. All servers are located in the city displayed in the hostname – there are no virtual locations. For full details about all servers locations, please
check our server status site as we are constantly adding new servers.

2. Slick Networks, Inc. is our recognized corporate name. We operate a complex business structure with multiple layers of offshore holding companies, subsidiary holding companies, and finally some operating companies to help protect our interests. The main marketing entity for our business is based in the United States of America but the top level of our operating entity is based out of Nevis.

3. We block port 25 to reduce the likelihood of spam originating from our systems. The SlickVPN authentication backend is completely custom and limits concurrent connections.

4. We utilize third party email systems to contact clients who opt-in for our newsletters and Google Analytics for basic website traffic monitoring and troubleshooting. We believe these platforms to be secure. Because we do not log your traffic/browsing data, no information about how users may or may not use the SlickVPN service is ever visible to these platforms.

5. If a valid DMCA complaint is received while the offending connection is still active, we stop the session and notify the active user of that session. Otherwise, we are unable to act on any complaint as we have no way of tracking down the user. It is important to note that we rarely receive a valid DMCA complaint while a user is still in an active session.

6. This has never happened in the history of our company. Our customer’s privacy is of topmost importance to us. We are required to comply with all valid court orders. We would proceed with the court order with complete transparency, but we have no data to provide any court in any jurisdiction. SlickVPN uses a warrant canary to inform users if we have received any such requests from a government agency. Users can monitor our warrant canary here: SlickVPN Warrant Canary.

7. Yes. All traffic is allowed. SlickVPN does not impose restrictions based on the type of traffic our users send. Outgoing mail is blocked but we offer a method to split tunnel the mail out if necessary. We can forward ports upon request. Some incoming ports may be blocked with our NAT firewall but these can be opened on request

8. We accept PayPal, Credit Cards, Bitcoin, Cash, and money orders. We keep user authentication and billing information on independent platforms. One platform is operated out of the United States of America (marketing) and the other platform is operated out of Nevis (operations).

Payment details are held by our marketing company which has no access to the operations data. We offer the ability for the customer to permanently delete their payment information from our servers at any point and all customer data is automatically removed from our records shortly after the customer ceases being a paying member.

9. We recommend using OpenVPN if at all possible (available for Windows, Apple, Linux, iOS, Android) and we use the AES-256-CBC algorithm for encryption.

10. Our leak protection (commonly called a ‘kill-switch’) keeps your IPv4 and IPv6 traffic from leaking to any other network and protects against DNS leaks. Your network will be disabled if you lose the connection to our servers and the only way to restore the network is manual intervention by the user. We don’t offer IPv6 connections at this time.

11. We physically control some of our server locations where we have a heavier load. Other locations are hosted with third parties unless there is enough demand in that location to justify racking our own server setup. To ensure redundancy, we host with multiple providers in each location. We have server locations in over forty countries.

In all cases, our network nodes load over our encrypted network stack and run from RAMDisk. Anyone taking control of the server would have no usable data on the disk. We periodically remount our ramdisks to remove any lingering data. Each of our access servers acts as the DNS server for customers connected to that node.

1. We do not keep any logs of data transmitted through our service and we have no way of knowing what our users are doing while connected to our servers. However, we will note that all payment processors store IP data for the purpose of fraud mitigation. Our payment processor is no different.

2. We operate under AppAtomic, physically headquartered with personnel in Cyprus. We also have offices in Montreal where sales, development, and support take place.

3. We have proprietary systems being used to mitigate abuse, but don’t enforce limitations on concurrent connections at the current time.

4. We use Google’s Firebase and Analytics for basic statistical reporting, however, those services do not have access to data transferred by our users. ZenDesk is currently employed to provide support, however, we plan on migrating everything in-house in the near future.

5. Since we keep no logs, there is virtually nothing we can do to respond to DMCA or equivalent inquiries.

6. Since we do not log activity, we have no way of identifying users. In the event that we are somehow forced to log activity for a user going forward, it would be reflected in the Warrant Canary within our Privacy Policy.

7. We do not restrict torrents, file-sharing or P2P.

8. We use ProBiller as a payment provider on our web site, as well as Apple and Google within our iOS and Android apps respectively. Since we have no logs, there is never anything that can be linked to usage of our service nor IP assignment.

9. It depends on the platform. Open VPN and IKEv2 are both considered to be the best in the industry.

10. We have a kill-switch feature within our desktop apps, as well as our Android app. For iOS, incorporating a kill-switch is not possible due to operating system restrictions, but we do have an Auto-Reconnect upon Disconnect feature there.

11. We’ve contracted StackPath for the purpose of network infrastructure. Our agreement forbids the snooping of any traffic, and we use DNS servers they host.

1. We have a strict No-Logs policy, so none of our traffic or DNS servers log or store any user info.

2. We’re part of Kape.

3. Our dedicated team monitors the whole service and infrastructure for any abuse of service. We have several tools in place, from CDN protection to firewalls and our own server monitoring system. Concurrent connections limits are monitored & also enforced via our systems to avoid such types of abuses.

4. We use Google Analytics, Zendesk, and Active Campaign.

5. Back in 2011, we were the first in the VPN industry to publish a Transparency Report. It’s something we still do today when we launch our reports quarterly. When we receive a lot of DMCA takedown notices our reply is always the same: we keep no logs and cannot comply with the request.

6. Since we store no logs, such requests do not affect us. Under Romanian law, data retention is not mandatory. This allows us to give our ‘Ghosties’ complete digital privacy.

7. In some countries, local legislation prevents us from offering adequate service for torrenting. Other locations have performance constraints. We currently do not support port forwarding services. What’s more, specific ports related to email services are also blocked as an anti-spam security measure.

8. We do not any store payment details. These are handled by our payment providers, which are entirely Payment Card Industry Data Security Standard compliant.

9. We generally favor the AES-256 encryption platform & protocol wide for its good balance of performance and security.

10. Yes, we have a kill switch in place, but we do not support dual stack.

11. We use disk encryption to make sure no third party can access the contents of our VPN servers. Furthermore, we have additional server authenticity tests in place to eliminate the risk of Man-in-the-middle attacks. We use self-managed DNS servers to ensure the E2E protection of online activity.

12. We have over 6,500 VPN servers in 90 countries. Most of them are physically located within the borders of the specified country. All details are available here.

1. Our entire infrastructure and VPN service is built to ensure that no logs can be stored – anywhere. Our servers are locked in cabinets and operate without any hard drives. We use a tailored version of Alpine, which doesn’t support SATA controllers, USB ports etc.

3. We don’t monitor abuse. In order to limit concurrent connections, our VPN servers validate account credentials by making a request to our website. Our web server keeps track of the number of connected devices. This is stored as a value of 0-4, where it is increased by one when a user connects and decreased by one when a user disconnects.

4. For website insights, we use Matomo/Piwik, an Open Source solution that we host ourselves. The last two bytes of visitors’ IP addresses are anonymized; hence no individual users can be identified. Automatic emails from the website are sent using Postmark. Intercom is used for support.

5. Since we don’t store any information, such requests aren’t applicable to us.

6. We can’t provide any information to the court. A court wouldn’t be able to require logging in our jurisdiction – but in case it did happen we would move the company abroad. OVPN has insurance that covers legal fees as an additional layer of safety, which grants us the financial muscles to refute any requests for information.

7. We don’t do any traffic discrimination. As such, BitTorrent and other file-sharing traffic are allowed on all servers. We do provide port forwarding services as incoming ports are blocked by default. The allowed port range is 49152 to 65535. For other ports, we recommend users to purchase our Public IPv4 add-on.

8. PayPal, credit cards (via Braintree), Bitcoin (via Bitpay), Bitcoin Cash (via Bitpay), cash in envelopes as well as a Swedish payment system called Swish. We never log IP addresses of users, so we can’t correlate an IP address to a payment.

9. OVPN’s default settings, which uses AES-256-GCM for OpenVPN. In terms of connection, we recommend using our Multihop add-on.

11. We own all the servers used to operate our service. All VPN servers run without any hard drives – instead we use tmpfs storage in RAM. Writing permissions for the OpenVPN processes have been removed, as well as syslogs. Our VPN servers do not support physical console access, keyboard access nor USB access. The servers are colocated in various data centers that meet our requirements. OVPN does not rent any physical or virtual servers. We operate our own DNS servers.

12. We do not offer any virtual locations. All our regions are listed here. We have photos of our servers at all locations, which are viewable by clicking on the region names

1. We do not keep any logs, data, timestamps or any other kind of information that would enable anyone to identify current or former users of our service.

2. Surfshark is a registered trademark of Surfshark Ltd., a company registered in the British Virgin Islands (BVI). Surfshark Ltd. is not a subsidiary of any other company.

3. We do not limit the number of simultaneous connections. We have safeguards against abuse of our service: our Terms of Service has a clause on Fair Usage Policy; if this policy is intentionally violated, we have an automated network maintenance system that indicates the abnormalities on server load, and can limit an immoderate number of devices simultaneously connected to one session to make sure that none of our customers are affected by potentially deteriorated quality of our services.

4. We do not use any Alphabet Inc. products except for Google Analytics, which is used to improve our website performance for potential customers. For a live 24/7 customer support and ticketing service, we use industry-standard Zendesk. For our communication, we use a secure email system Hushmail. For transactional communication, we use SendGrid and Iterable for user communication.

These third-party services have no access to any other kind of user information outside the scope of the one specified in our Privacy Policy. Also, we have legally binding agreements with all third-party service providers to not disclose any of the information they have to anyone outside the scope of the services they provide to us

5. DMCA takedown notices do not apply to our service as we operate outside the jurisdiction of the United States. In case we received a non-US equivalent, we would not be able to provide any information because we have none (strict no logs policy).

6. We have never received a court order from the British Virgin Islands (BVI) authorities. If we ever received a court order from the BVI authorities, we would truthfully respond that we are unable to identify any user as we keep no logs whatsoever. If data retention laws would be enacted in the BVI, we would look for another country to register our business in. For any information regarding received legal inquiries and orders we have a live warrant canary.

7. Surfshark is a torrent-friendly service. We allow all file-sharing activities and P2P traffic, including BitTorrent. For that, we have hundreds of specialized servers in various countries, and the user will always be connected to the fastest specialized server in case of P2P activities. We do not provide port forwarding services, and we block port 25.

8. Surfshark subscriptions can be purchased using various payment methods, including cryptocurrency, PayPal, Alipay, major credit cards, and many country-specific options. None of these payments can be linked to a specific user as we do not collect any timestamps, IP addresses, session information, or other data.

9. We recommend using advanced IKEv2/IPsec and OpenVPN (UDP and TCP) security protocols with strong and fast AES-256-GCM encryption and SHA512 signatures. Also, on our Windows and Android apps we support Shadowsocks protocol as an option. The AES-256-GCM is different from AES-256-CBC as it has an inbuilt authentication which makes the encryption process faster.

11. We use our own DNS servers which do not keep any logs as per our Privacy Policy. All our servers are physically located in trusted third-party data centers. 80% of our servers are already RAM-only, and we’ll have a 100% RAM-only server network by the end of June 2020.

Before choosing a third-party service provider, we have a strict due diligence process to make sure they meet our security and trust requirements. To prevent unauthorized snooping, we use the 2FA method to reach our servers and have developed a special authorization procedure so that only authorized system administrators can access them for configurations.

12. As of May 2020, we have over 1700 servers physically located in 109 locations, in 64 countries. As per user requests, we have only a few virtual locations that are clearly indicated within our apps’ user interfaces.

1. We keep minimal connection session logs to help us in troubleshooting customers’ connection problems but also to identify attacks.

This information contains IP address, connection start and end time, protocol used (including port) and amount of data transferred for OpenVPN connections. This info isn’t stored on any server disk and is wiped out on session-end time or daily. For WireGuard connections, the endpoint IP (public user’s IP) is erased within a few minutes after closing the connection (no handshakes within a specific time).

2. Cryptolayer SRL, registered in Romania.

3. There are automated firewall rules that can kick-in in the event of some specific abusive activities. Manual intervention can take place when absolutely necessary, in order to maintain the infrastructure stable and reliable for everyone. Concurrent connections are limited by the authentication back-ends.

4. No, we don’t.

5. We are handling DMCA complaints internally without involving the users (i.e. we are not forwarding anything). We use shared IP addresses so it’s not possible to identify the users.

6. This has never happened. In such an event, we would rely on legal advice. It’s worth noting that we use shared public IPs on all servers so it’s not possible to identify a user based on past activity using a specific VPN gateway IP.

7. It is allowed on all servers. Port forwarding is not supported due to security and privacy weaknesses that come with it, ports aren’t blocked except for SMTP/25.

8. All popular cryptocurrencies, PayPal, credit cards, several country-specific payment methods, some gift cards. Crypto payments can be anonymous.

9. OpenVPN using Elliptic Curve Cryptography for Key Exchange (ECDHE, curve secp256k1) is used by default in most cases. We also support RSA-4096, SHA256 and SHA512 for digest/HMAC. For data encryption we use AES-256-GCM and AES-128-GCM. We are also supporting the WireGuard VPN protocol with its parameters (Curve25519, Blake2s, ChaCha20, Poly1305)

10. Yes, these features are embedded in our client software. We also provide guides and support on how to set effective “kill switches” for specific applications like torrent clients.

11. We have physical control over our servers in Romania. In other countries, we rent or collocate our hardware. We use our own DNS resolvers and all DNS traffic between VPN gateways and DNS resolvers is encrypted, not logged.

*Note: Private Internet access, ExpressVPN and NordVPN are TorrentFreak sponsors. We reserve the first three spots for them as a courtesy. This article also includes a few affiliate links which help us pay the bills. We never sell positions in our review article or charge providers for a listing.